Re: Tomcat userid (was Tomcat 3.3 / 4.0 ? When?)

To: debian-java@lists.debian.org
Subject: Re: Tomcat userid (was Tomcat 3.3 / 4.0 ? When?)
From: Guy Geens <ggeens@iname.com>
Date: 03 Dec 2001 20:10:13 +0100
Message-id: <[🔎] 878zck2k8a.fsf@andor.geens.internal>
In-reply-to: <[🔎] BBDCA5B56D25F843A025AE850BA70F0604DE04@css8.slib.com>
References: <[🔎] BBDCA5B56D25F843A025AE850BA70F0604DE04@css8.slib.com>

>>>>> "GOMEZ" == GOMEZ Henri <hgomez@slib.fr> writes:

GOMEZ> Yep, I added also in tomcat bin wrapper a :

GOMEZ> chown -R tcuser:tcuser /var/tomcat/

GOMEZ> to make sure that tomcat is running with the rigth profile

That is not a good idea. The tomcat user should not own any files
(besides logfiles and so on). If someone manages to break into the
tomcat user account, they can change all the files owned by this user.
With your settings, they can change all web applications.

-- 
G. ``Iggy'' Geens - ICQ: #64109250
Home: <ggeens@iname.com> - Work: <guy.geens@cgey.be>
WWW: http://users.pandora.be/guy.geens/
`I want quality, not quantity. But I want lots of it!'

Reply to:

References:
- RE: Tomcat userid (was Re: Tomcat 3.3 / 4.0 ? When?)
  - From: GOMEZ Henri <hgomez@slib.fr>

Prev by Date: Re: Tomcat userid (was Re: Tomcat 3.3 / 4.0 ? When?)
Next by Date: j2sdk j2se or whatever...
Previous by thread: RE: Tomcat userid (was Re: Tomcat 3.3 / 4.0 ? When?)
Next by thread: RE: Tomcat userid (was Re: Tomcat 3.3 / 4.0 ? When?)
Index(es):
- Date
- Thread